remove protocol from hastebin, update source comments, update help file

digininja · Sep 12, 2020 · 1c2c645 · 1c2c645
1 parent 6855341
commit 1c2c645
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/vulnerabilities/csp/help/help.php b/vulnerabilities/csp/help/help.php
@@ -18,7 +18,7 @@
 
 		<h3>Low Level</h3>
 		<p>Examine the policy to find all the sources that can be used to host external script files.</p>
-		<pre>Spoiler: <span class="spoiler">Scripts can be included from Pastebin, try storing some JavaScript on there and then loading it in.</span></pre>
+		<pre>Spoiler: <span class="spoiler">Scripts can be included from Pastebin or Hastebin, try storing some JavaScript on there and then loading it in.</span></pre>
 
 		<br />
 

diff --git a/vulnerabilities/csp/source/low.php b/vulnerabilities/csp/source/low.php
@@ -1,9 +1,10 @@
 <?php
 
-$headerCSP = "Content-Security-Policy: script-src 'self' https://pastebin.com http://hastebin.com example.com code.jquery.com https://ssl.google-analytics.com ;"; // allows js from self, pastebin.com, hastebin.com, jquery and google analytics.
+$headerCSP = "Content-Security-Policy: script-src 'self' https://pastebin.com hastebin.com example.com code.jquery.com https://ssl.google-analytics.com ;"; // allows js from self, pastebin.com, hastebin.com, jquery and google analytics.
 
 header($headerCSP);
 
+# These might work if you can't create your own for some reason
 # https://pastebin.com/raw/R570EE00
 # https://hastebin.com/raw/ohulaquzex
 
@@ -16,7 +17,6 @@
 }
 $page[ 'body' ] .= '
 <form name="csp" method="POST">
-	<p><strong>Currently broken due to changes at Pastebin, looking for alternatives.</strong></p>
 	<p>You can include scripts from external sources, examine the Content Security Policy and enter a URL to include here:</p>
 	<input size="50" type="text" name="include" value="" id="include" />
 	<input type="submit" value="Include" />